Update README to reflect event invitations, shared calendars, and current state
Updates tech stack counts (56 migrations, 20 models, 14 schemas, 16 routers), adds event invitations and shared calendars to features list, API overview, security section, and project structure. Reflects 5 completed penetration tests. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
cbb62ea7aa
commit
2848739474
58
README.md
58
README.md
@ -4,18 +4,20 @@ A self-hosted, multi-user life administration app with a dark-themed UI and role
|
|||||||
|
|
||||||
## Features
|
## Features
|
||||||
|
|
||||||
- **Multi-user RBAC** - Admin and standard user roles, per-user data isolation, admin portal with IAM, system config, and audit logs
|
- **Multi-user RBAC** — Admin and standard user roles, per-user data isolation, admin portal with IAM, system config, and audit logs
|
||||||
- **Dashboard** - Contextual greeting, week timeline, stat cards, upcoming events, weather widget, day briefing
|
- **Dashboard** — Contextual greeting, week timeline, stat cards, upcoming events, weather widget, day briefing
|
||||||
- **Todos** - Task management with priorities, due dates, recurrence, and grouped sections (overdue/today/upcoming)
|
- **Todos** — Task management with priorities, due dates, recurrence, and grouped sections (overdue/today/upcoming)
|
||||||
- **Calendar** - Multi-calendar system with month/week/day views, recurring events, drag-and-drop, event templates
|
- **Calendar** — Multi-calendar system with month/week/day views, recurring events, drag-and-drop, event templates, shared calendars with permission-based access
|
||||||
- **Projects** - Project boards with kanban view, nested tasks/subtasks, comments, progress tracking
|
- **Shared Calendars** — Invite connections to calendars with granular permissions (read-only, create/modify, full access). Event locking prevents concurrent edits. Near-real-time sync via 5s polling
|
||||||
- **Reminders** - Time-based reminders with snooze, dismiss, recurrence, and real-time alert notifications (dashboard banner + toasts)
|
- **Event Invitations** — Invite connections to individual events with RSVP (accept/tentative/decline), per-occurrence status overrides for recurring events, display calendar assignment, and optional edit access via can_modify toggle
|
||||||
- **People** - Contact directory with avatar initials, favourites, birthday tracking, category filtering
|
- **Projects** — Project boards with kanban view, nested tasks/subtasks, comments, progress tracking
|
||||||
- **Locations** - Location management with OSM search integration, category filtering, frequent locations
|
- **Reminders** — Time-based reminders with snooze, dismiss, recurrence, and real-time alert notifications (dashboard banner + toasts)
|
||||||
- **Weather** - Dashboard weather widget with temperature, conditions, and contextual rain warnings
|
- **People & Connections** — Contact directory with avatar initials, favourites, birthday tracking. Social connections via umbral name search with bidirectional Person records on accept
|
||||||
- **Settings** - Accent color picker (8 presets), first day of week, weather city, ntfy push notifications, TOTP two-factor auth, auto-lock, password management
|
- **Locations** — Location management with OSM search integration, category filtering, frequent locations
|
||||||
- **Notifications** - ntfy push notifications for reminders (configurable per-user)
|
- **Weather** — Dashboard weather widget with temperature, conditions, and contextual rain warnings
|
||||||
- **Admin Portal** - User management (create, delete, activate/deactivate, role assignment, password reset), system configuration (open registration, MFA enforcement), audit log viewer
|
- **Settings** — Accent color picker (8 presets), first day of week, weather city, ntfy push notifications, TOTP two-factor auth, auto-lock, password management
|
||||||
|
- **Notifications** — In-app notification centre with toast popups, plus ntfy push notifications for reminders (configurable per-user)
|
||||||
|
- **Admin Portal** — User management (create, delete, activate/deactivate, role assignment, password reset), system configuration (open registration, MFA enforcement), audit log viewer
|
||||||
|
|
||||||
## Tech Stack
|
## Tech Stack
|
||||||
|
|
||||||
@ -26,7 +28,7 @@ A self-hosted, multi-user life administration app with a dark-themed UI and role
|
|||||||
| Fonts | Sora (headings), DM Sans (body) via Google Fonts |
|
| Fonts | Sora (headings), DM Sans (body) via Google Fonts |
|
||||||
| State | TanStack Query v5, React Router v6 |
|
| State | TanStack Query v5, React Router v6 |
|
||||||
| Backend | FastAPI, Python 3.12, Pydantic v2 |
|
| Backend | FastAPI, Python 3.12, Pydantic v2 |
|
||||||
| Database | PostgreSQL 16, SQLAlchemy 2.0 (async), Alembic (37 migrations) |
|
| Database | PostgreSQL 16, SQLAlchemy 2.0 (async), Alembic (56 migrations) |
|
||||||
| Auth | Argon2id hashing, DB-backed sessions (signed httpOnly cookies), TOTP MFA, CSRF middleware, role-based access control |
|
| Auth | Argon2id hashing, DB-backed sessions (signed httpOnly cookies), TOTP MFA, CSRF middleware, role-based access control |
|
||||||
| Scheduler | APScheduler (async) for ntfy notification dispatch |
|
| Scheduler | APScheduler (async) for ntfy notification dispatch |
|
||||||
| Deployment | Docker Compose (3 services), Nginx reverse proxy |
|
| Deployment | Docker Compose (3 services), Nginx reverse proxy |
|
||||||
@ -129,6 +131,8 @@ A self-hosted, multi-user life administration app with a dark-themed UI and role
|
|||||||
- **Argon2id password hashing** with transparent bcrypt migration on first login
|
- **Argon2id password hashing** with transparent bcrypt migration on first login
|
||||||
- **DB-backed sessions** — revocable, with signed itsdangerous httpOnly cookies, 7-day sliding window with 30-day hard ceiling
|
- **DB-backed sessions** — revocable, with signed itsdangerous httpOnly cookies, 7-day sliding window with 30-day hard ceiling
|
||||||
- **Optional TOTP MFA** — authenticator app support with backup codes, admin-enforced MFA for new users
|
- **Optional TOTP MFA** — authenticator app support with backup codes, admin-enforced MFA for new users
|
||||||
|
- **Invited editor field allowlist** — can_modify invitees restricted to content fields only (title, description, time, color, location); calendar moves, recurring series changes, and deletions blocked server-side
|
||||||
|
- **5 penetration tests passed** — RBAC, header hardening, SSRF, shared calendars, event invitations; 0 exploitable findings
|
||||||
|
|
||||||
### Production Hardening
|
### Production Hardening
|
||||||
|
|
||||||
@ -163,9 +167,11 @@ All endpoints require authentication (signed session cookie) except auth routes
|
|||||||
| `/api/auth/*` | Login, logout, setup, register, status, password change, TOTP MFA |
|
| `/api/auth/*` | Login, logout, setup, register, status, password change, TOTP MFA |
|
||||||
| `/api/admin/*` | User management, system config, audit logs (admin only) |
|
| `/api/admin/*` | User management, system config, audit logs (admin only) |
|
||||||
| `/api/todos/*` | Todos CRUD + toggle completion |
|
| `/api/todos/*` | Todos CRUD + toggle completion |
|
||||||
| `/api/events/*` | Calendar events CRUD (incl. recurring) |
|
| `/api/events/*` | Calendar events CRUD (incl. recurring) + event invitations |
|
||||||
|
| `/api/event-invitations/*` | Invitation responses, per-occurrence overrides, can_modify toggle, leave |
|
||||||
| `/api/event-templates/*` | Event templates CRUD |
|
| `/api/event-templates/*` | Event templates CRUD |
|
||||||
| `/api/calendars/*` | User calendars CRUD + visibility |
|
| `/api/calendars/*` | User calendars CRUD + visibility |
|
||||||
|
| `/api/shared-calendars/*` | Shared calendar management, invitations, permissions, event locking |
|
||||||
| `/api/reminders/*` | Reminders CRUD + dismiss + snooze + due alerts |
|
| `/api/reminders/*` | Reminders CRUD + dismiss + snooze + due alerts |
|
||||||
| `/api/projects/*` | Projects + nested tasks + comments CRUD |
|
| `/api/projects/*` | Projects + nested tasks + comments CRUD |
|
||||||
| `/api/people/*` | People CRUD |
|
| `/api/people/*` | People CRUD |
|
||||||
@ -174,6 +180,8 @@ All endpoints require authentication (signed session cookie) except auth routes
|
|||||||
| `/api/dashboard` | Dashboard aggregation |
|
| `/api/dashboard` | Dashboard aggregation |
|
||||||
| `/api/upcoming` | Unified upcoming items feed |
|
| `/api/upcoming` | Unified upcoming items feed |
|
||||||
| `/api/weather/*` | Weather data proxy |
|
| `/api/weather/*` | Weather data proxy |
|
||||||
|
| `/api/connections/*` | Social connections (search, request, respond, manage) |
|
||||||
|
| `/api/notifications/*` | In-app notifications (list, read, delete) |
|
||||||
|
|
||||||
API documentation is available at `/api/docs` (Swagger UI) when `ENVIRONMENT=development`.
|
API documentation is available at `/api/docs` (Swagger UI) when `ENVIRONMENT=development`.
|
||||||
|
|
||||||
@ -215,15 +223,15 @@ umbra/
|
|||||||
│ ├── Dockerfile
|
│ ├── Dockerfile
|
||||||
│ ├── requirements.txt
|
│ ├── requirements.txt
|
||||||
│ ├── alembic.ini
|
│ ├── alembic.ini
|
||||||
│ ├── alembic/versions/ # 37 migrations (001–037)
|
│ ├── alembic/versions/ # 56 migrations (001–056)
|
||||||
│ └── app/
|
│ └── app/
|
||||||
│ ├── main.py # FastAPI app, CSRF middleware, router registration, health endpoint
|
│ ├── main.py # FastAPI app, CSRF middleware, router registration, health endpoint
|
||||||
│ ├── config.py # Pydantic BaseSettings (DATABASE_URL, SECRET_KEY, CORS, etc.)
|
│ ├── config.py # Pydantic BaseSettings (DATABASE_URL, SECRET_KEY, CORS, etc.)
|
||||||
│ ├── database.py # Async SQLAlchemy engine + session factory
|
│ ├── database.py # Async SQLAlchemy engine + session factory
|
||||||
│ ├── models/ # 18 SQLAlchemy ORM models (incl. User, UserSession, SystemConfig, AuditLog)
|
│ ├── models/ # 20 SQLAlchemy ORM models (incl. User, UserSession, EventInvitation, CalendarMember)
|
||||||
│ ├── schemas/ # 13 Pydantic v2 request/response schema modules (incl. admin)
|
│ ├── schemas/ # 14 Pydantic v2 request/response schema modules
|
||||||
│ ├── routers/ # 14 API route handlers (incl. auth, admin, totp)
|
│ ├── routers/ # 16 API route handlers (incl. auth, admin, event_invitations, shared_calendars)
|
||||||
│ ├── services/ # Auth (Argon2id), recurrence, TOTP, ntfy, audit
|
│ ├── services/ # Auth (Argon2id), recurrence, TOTP, ntfy, audit, calendar_sharing, event_invitation, notification
|
||||||
│ └── jobs/ # APScheduler notification dispatch
|
│ └── jobs/ # APScheduler notification dispatch
|
||||||
└── frontend/
|
└── frontend/
|
||||||
├── Dockerfile
|
├── Dockerfile
|
||||||
@ -233,20 +241,22 @@ umbra/
|
|||||||
└── src/
|
└── src/
|
||||||
├── App.tsx # Routes, ProtectedRoute, AdminRoute auth guards
|
├── App.tsx # Routes, ProtectedRoute, AdminRoute auth guards
|
||||||
├── lib/ # api.ts (axios + 401 interceptor), date-utils.ts, utils.ts
|
├── lib/ # api.ts (axios + 401 interceptor), date-utils.ts, utils.ts
|
||||||
├── hooks/ # useAuth, useAdmin, useSettings, useTheme, useCalendars, useConfirmAction, useCategoryOrder, useTableVisibility
|
├── hooks/ # useAuth, useAdmin, useSettings, useTheme, useCalendars, useConfirmAction, useConnections, useNotifications, useEventInvitations
|
||||||
├── types/ # TypeScript interfaces
|
├── types/ # TypeScript interfaces
|
||||||
└── components/
|
└── components/
|
||||||
├── ui/ # 17 base components (Button, Dialog, Sheet, Card, Input, Select, Switch, etc.)
|
├── ui/ # 18 base components (Button, Dialog, Sheet, Card, Input, Select, Switch, DatePicker, ...)
|
||||||
├── shared/ # EntityTable, EntityDetailPanel, CategoryFilterBar, CategoryAutocomplete, CopyableField
|
├── shared/ # EntityTable, EntityDetailPanel, CategoryFilterBar, CategoryAutocomplete, CopyableField
|
||||||
├── layout/ # AppLayout, Sidebar, LockOverlay
|
├── layout/ # AppLayout, Sidebar, LockOverlay
|
||||||
├── auth/ # LockScreen, AmbientBackground
|
├── auth/ # LockScreen, AmbientBackground
|
||||||
├── admin/ # AdminPortal, IAMPage, ConfigPage, AdminDashboardPage, CreateUserDialog, UserActionsMenu, UserDetailSection
|
├── admin/ # AdminPortal, IAMPage, ConfigPage, AdminDashboardPage, CreateUserDialog, UserActionsMenu
|
||||||
├── dashboard/ # DashboardPage + 8 widgets
|
├── dashboard/ # DashboardPage + 8 widgets
|
||||||
├── calendar/ # CalendarPage, CalendarSidebar, CalendarForm, EventForm, TemplateForm
|
├── calendar/ # CalendarPage, CalendarSidebar, EventDetailPanel, InviteeSection, LeaveEventDialog, CalendarForm, EventForm, TemplateForm
|
||||||
├── todos/ # TodosPage, TodoList, TodoItem, TodoForm
|
├── todos/ # TodosPage, TodoList, TodoItem, TodoForm, TodoDetailPanel
|
||||||
├── reminders/ # RemindersPage, ReminderList, ReminderItem, ReminderForm, SnoozeDropdown, AlertBanner
|
├── reminders/ # RemindersPage, ReminderList, ReminderItem, ReminderForm, SnoozeDropdown, AlertBanner
|
||||||
├── projects/ # ProjectsPage, ProjectCard, ProjectDetail, ProjectForm, KanbanBoard, TaskRow, TaskForm, TaskDetailPanel
|
├── projects/ # ProjectsPage, ProjectCard, ProjectDetail, ProjectForm, KanbanBoard, TaskRow, TaskForm, TaskDetailPanel
|
||||||
├── people/ # PeoplePage, PersonForm
|
├── people/ # PeoplePage, PersonForm
|
||||||
|
├── connections/ # ConnectionSearch, ConnectionRequestCard, ConnectionsTab
|
||||||
|
├── notifications/ # NotificationsPage, NotificationToaster
|
||||||
├── locations/ # LocationsPage, LocationForm
|
├── locations/ # LocationsPage, LocationForm
|
||||||
└── settings/ # SettingsPage, NtfySettingsSection, TotpSetupSection
|
└── settings/ # SettingsPage, NtfySettingsSection, TotpSetupSection
|
||||||
```
|
```
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user